package com.yjh.gateway.config;

import org.springframework.context.annotation.Configuration;

//@Configuration
////@EnableWebSecurity is used to enable Spring Security’s web security support and provide the Spring MVC integration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
//public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//
//
//    private final CustomAuthenticationProvider customAuthenticationProvider;
//
//    @Autowired
//    public WebSecurityConfig(CustomAuthenticationProvider customAuthenticationProvider) {
//        this.customAuthenticationProvider = customAuthenticationProvider;
//    }
//
//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) {
//        auth.authenticationProvider(customAuthenticationProvider);
//    }
//
//    @Bean
//    public JwtTokenUtil jwtTokenUtil(){
//        return new JwtTokenUtil();
//    }
//
//    @Bean
//    public CorsFilter corsFilter() throws Exception {
//        return new CorsFilter();
//    }
//
//    @Bean
//    public JwtAuthenticationTokenFilter authenticationTokenFilterBean() {
//        return new JwtAuthenticationTokenFilter();
//    }
//
//    @Override
//    protected void configure(HttpSecurity httpSecurity) throws Exception {
//        httpSecurity
//                // 由于使用的是JWT，我们这里不需要csrf,不用担心csrf攻击
//                .csrf().disable()
//                // 基于token，所以不需要session
//                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
//
//                .authorizeRequests()
//                //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
//
//                // 允许对于网站静态资源的无授权访问
//                .antMatchers(
//                        HttpMethod.GET,
//                        "/",
//                        "/*.html",
//                        "/favicon.ico",
//                        "/**/*.html",
//                        "/**/*.css",
//                        "/**/*.js",
//                        "/webjars/springfox-swagger-ui/images/**","/swagger-resources/configuration/*","/swagger-resources",//swagger请求
//                        "/v2/api-docs"
//                ).permitAll()
//                // 对于获取token的rest api要允许匿名访问
//                .antMatchers("/pmdbservice/auth/**","/pmdbservice/keywords/export3").permitAll()
//                .antMatchers(HttpMethod.OPTIONS,"/**").permitAll()
//                // 除上面外的所有请求全部需要鉴权认证。 .and() 相当于标示一个标签的结束，之前相当于都是一个标签项下的内容
//                .anyRequest().authenticated().and()
//                .addFilterBefore(corsFilter(), UsernamePasswordAuthenticationFilter.class)
//                .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
//
//        // 禁用缓存
//        httpSecurity.headers().cacheControl();
//    }
//
//}
